
- ORIGINAL MESSAGE -

I need to access an SFTP server, but the PHP server is not directly connected to the internet. I am thinking of making the connection through an SSH tunnel.

  AppServer    →          AdminServer            →          SFTP
My PHP Server  →  SSH connection through server  →  An external SFTP server

But I don't understand how to set up authentication for the SFTP account.

My code:

<?php

$connection = ssh2_connect("172.16.0.2", 22); // AdminServer
if(ssh2_auth_password($connection, "user", "password"))
{
    if ($tunnel = ssh2_tunnel($connection, "sftpservice.domain.com", 22)) // SFTP server
    {
        echo "tunnel ok";
        
        // How to authenticate to SFTP ?
        if (ssh2_auth_password($tunnel, "sftp_user", "sftp_password")) {
            echo "auth sftp";
        }
        else {
            echo "passwd tunnel fail";
        }
    }
    else {
        echo "Tunnel creation failed.\n";
    }
}
else
{
    echo "failed!";
}
?>

Result:

* tunnel ok
PHP Warning:  ssh2_auth_password(): supplied resource is not a valid SSH2 Session resource in /var/www/sftp_test.php on line 11
* auth sftp fail

- EDIT -

I tried something different. I just want to establish an SSH connection.

tunnel_ip='172.16.0.2'
tunnel_port='22'
tunnel_user='xxx';
tunnel_pwd='abc'

ssh_ip='ip_addresse'
ssh_port='5962'
ssh_user='xyz'
ssh_pwd='abc'

# This works perfectly
ssh -J ${tunnel_user}@${tunnel_ip} -p ${ssh_port} ${ssh_user}@${ssh_ip}

Now I try in PHP (with the same variables as above):

$connection = ssh2_connect($tunnel_ip, $tunnel_port);
if(ssh2_auth_password($connection, $tunnel_user, $tunnel_pwd))
{
    echo "* connection $tunnel_ip ok \n";
    if ($tunnel = ssh2_tunnel($connection, $ssh_ip, $ssh_port))
    {
        echo "* tunnel ok \n";

        if (ssh2_auth_password($tunnel, $ssh_user, $ssh_pwd)) {
            echo "* auth ssh ok \n";
        }
        else {
            echo "* auth ssh fail \n";
        }
    }
    else {
        echo "* tunnel creation failed.\n";
    }
}
else
{
    echo "* connection $tunnel_ip fail \n";
}

Result:

* tunnel ok
PHP Warning:  ssh2_auth_password(): supplied resource is not a valid SSH2 Session resource in /var/www/test.php on line 22
* auth ssh fail

I read the ssh2_sftp documentation, but it doesn't help me with the tunnel.

Thanks for your help

BeWog
  • 33
  • 7

1 Answer

0

I found a solution (there are probably others).

→ Open an SSH tunnel with a random port (here 2345), then create the SFTP connection.

ssh -f -N -i /home/user/.ssh/id_rsa user@172.16.0.2 -L 2345:ssh_ip:ssh_port

→ PHP Code:

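// Start ssh in the background (-f -N): local port 2345 is forwarded to ssh_ip:ssh_port via 172.16.0.2.
// StrictHostKeyChecking=no makes ssh accept whatever host key 172.16.0.2 presents, without verification.
$cmd_ssh_tunnel="/usr/bin/ssh -f -N \
  -o StrictHostKeyChecking=no \
  -o ConnectTimeout=10 \
  -i identity_file \
  user@172.16.0.2 -p 22 -L 2345:ssh_ip:ssh_port > /dev/null 2>&1";
exec($cmd_ssh_tunnel, $output_cmd, $return_cmd);

// Connect to the local end of the tunnel; this SSH session is with the SFTP server itself.
$connection = ssh2_connect('127.0.0.1', 2345);
ssh2_auth_password($connection, $ssh_user, $ssh_pwd);

// Start the SFTP subsystem on that session and use it.
$sftp = ssh2_sftp($connection);
$statinfo = ssh2_sftp_stat($sftp, '/');
ssh2_sftp_mkdir($sftp, '/test');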
BeWog
  • 33
  • 7
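
A hardened variant of the tunnel-then-connect approach from the answer, added here as an example and not the answerer's code: it verifies the AdminServer host key, binds the forward to loopback, pins the SFTP server's fingerprint before the password is sent, and closes the tunnel through an ssh control socket. The known_hosts file, control socket path and fingerprint value are assumptions or placeholders, and the function names are illustrative.

```php
<?php
// Added example; values marked "assumed" or "placeholder" are not from the page.
const JUMP        = 'user@172.16.0.2';               // AdminServer (from the question)
const TARGET      = 'sftpservice.domain.com:22';     // SFTP server (from the question)
const LOCAL_PORT  = 2345;                            // local forward port (from the answer)
const IDENTITY    = '/home/user/.ssh/id_rsa';        // key path used in the answer
const KNOWN_HOSTS = '/etc/ssh/php_known_hosts';      // assumed: holds the AdminServer host key
const CTL_SOCKET  = '/run/php-sftp/tunnel.sock';     // assumed: ssh control socket path
const SFTP_SHA1   = 'REPLACE_WITH_PINNED_SHA1_HEX';  // placeholder: SFTP server host key

function tunnelCommand(): string
{
    return implode(' ', [
        '/usr/bin/ssh -f -N -M -S ' . escapeshellarg(CTL_SOCKET) . ' -i ' . escapeshellarg(IDENTITY),
        '-o BatchMode=yes -o ConnectTimeout=10 -o ExitOnForwardFailure=yes',
        '-o StrictHostKeyChecking=yes -o UserKnownHostsFile=' . escapeshellarg(KNOWN_HOSTS),
        // Bind to loopback only so other hosts cannot reach the forward.
        '-L ' . escapeshellarg('127.0.0.1:' . LOCAL_PORT . ':' . TARGET),
        escapeshellarg(JUMP),
    ]);
}
function closeTunnel(): void
{
    // Ask the backgrounded master process to exit via its control socket.
    exec('/usr/bin/ssh -S ' . escapeshellarg(CTL_SOCKET) . ' -O exit '
        . escapeshellarg(JUMP) . ' > /dev/null 2>&1');
}
function must($ok, string $msg): void
{
    if (!$ok) { throw new RuntimeException($msg); }
}

function openSftp(string $user, string $password): array
{
    exec(tunnelCommand() . ' > /dev/null 2>&1', $out, $rc);
    must($rc === 0, "ssh tunnel failed (exit code $rc)");
    try {
        $conn = ssh2_connect('127.0.0.1', LOCAL_PORT);
        must($conn !== false, 'cannot reach forwarded port');
        // The session on the forwarded port ends at the SFTP server: pin its host key.
        $seen = ssh2_fingerprint($conn, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
        must(hash_equals(strtoupper(SFTP_SHA1), strtoupper($seen)), "unexpected SFTP host key: $seen");
        must(ssh2_auth_password($conn, $user, $password), 'SFTP authentication failed');
        return [$conn, ssh2_sftp($conn)];
    } catch (Throwable $e) {
        closeTunnel();
        throw $e;
    }
}
```

Call closeTunnel() once the SFTP work is finished; otherwise the backgrounded ssh process keeps the forward open.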